CVE-2015-6576: Bamboo - Deserialisation resulting in remote code execution
2015-10-23 David Black (dblack atlassian com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
2015-10-22 scurippio autistici org
Encoding correction :
Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client <= 3.0.18.1 RFI to RCE
Date: 12/10/2015
Author: Scurippio <scurippio (at) anche (dot) no> / (0x6FB30B11 my pgp keyid)
Vendor Homepage: https://www.teamspeak.com/
Application: TeamSpeak 3
Version: TeamSpeak3 Client 3.0.0 -

SEC Consult SA-20151022-0 :: Lime Survey Multiple Critical Vulnerabilities
2015-10-22 SEC Consult Vulnerability Lab (research sec-consult com)

Re: TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
2015-10-22 scurippio autistici org
Without encoding error...
Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client <= 3.0.18.1 RFI to RCE
Date: 12/10/2015
Author: Scurippio <scurippio (at) anche (dot) no> / (0x6FB30B11 my pgp keyid)
Vendor Homepage: https://www.teamspeak.com/
Application: TeamSpeak 3
Version: TeamSpeak3 Client 3.0

TeamSpeak Client <= 3.0.18.1 RFI, Directory Traversal to RCE
2015-10-22 scurippio autistici org
Exploit Title: "PwnSpeak" a 0day Exploit for TeamSpeak Client <= 3.0.18.1 RFI/ to RCE
Date: 12/10/2015
Author: Scurippio <scurippio (at) anche (dot) no> / (0x6FB30B11 my pgp keyid)
Vendor Homepage: https://www.teamspeak.com/
Application: TeamSpeak 3
Version: TeamSpeak3 Client 3.0.0 -

Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
2015-10-22 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Multiple Vulnerabilities in ntpd Affecting Cisco Products - October 2015
Advisory ID: cisco-sa-20151021-ntp
Version 1.0: Interim
For Public Release 2015 October 21 23:00 UTC (GMT)

APPLE-SA-2015-10-21-8 OS X Server 5.0.15
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-8 OS X Server 5.0.15
OS X Server 5.0.15 is now available and addresses the following:
BIND
Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.1 or later
Impact: Multiple vulnerabilities in BIND
Description: Multiple v

APPLE-SA-2015-10-21-7 Xcode 7.1
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-7 Xcode 7.1
Xcode 7.1 is now available and addresses the following:
Swift
Available for: OS X Yosemite v10.10.5 or later
Impact: Swift programs performing certain type conversions may receive unexpected values
Description: A t

APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-6 Mac EFI Security Update 2015-002
Mac EFI Security Update 2015-002 is now available and addresses the following:
EFI
Available for: OS X Mavericks v10.9.5
Impact: An attacker can exercise unused EFI functions
Description: An

APPLE-SA-2015-10-21-5 iTunes 12.3.1
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-5 iTunes 12.3.1
iTunes 12.3.1 is now available and addresses the following:
iTunes
Available for: Windows 7 and later
Impact: A man-in-the-middle attack while browsing the iTunes Store via iTunes may result in unexpected applic

APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-4 OS X El Capitan 10.11.1 and Security Update 2015-007
OS X El Capitan 10.11.1 and Security Update 2015-007 are now available and address the following:
Accelerate Framework
Available for: OS X Mavericks v10.9.5, OS X Yosemite v

APPLE-SA-2015-10-21-3 Safari 9.0.1
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-3 Safari 9.0.1
Safari 9.0.1 is now available and addresses the following:
WebKit
Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10.5, and OS X El Capitan v10.11
Impact: Visiting a maliciously crafted website may lead

APPLE-SA-2015-10-21-2 watchOS 2.0.1
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-2 watchOS 2.0.1
watchOS 2.0.1 is now available and addresses the following:
Apple Pay
Available for: Apple Watch Sport, Apple Watch, Apple Watch Edition, and Apple Watch Hermes
Impact: Some cards may allow a terminal to retrie

APPLE-SA-2015-10-21-1 iOS 9.1
2015-10-21 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-21-1 iOS 9.1
iOS 9.1 is now available and addresses the following:
Accelerate Framework
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may

Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
2015-10-21 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco ASA Software VPN ISAKMP Denial of Service Vulnerability
Advisory ID: cisco-sa-20151021-asa-ike
Revision 1.0
For Public Release 2015 October 21 16:00 UTC (GMT)

Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability
2015-10-21 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco ASA Software DNS Denial of Service Vulnerability
Advisory ID: cisco-sa-20151021-asa-dns1
Revision 1.0
For Public Release 2015 October 21 16:00 UTC (GMT)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
2015-10-21 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
Advisory ID: cisco-sa-20151021-asa-dhcp1
Revision 1.0
For Public Release 2015 October 21 16:00 UTC (GMT)

Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
2015-10-21 Cisco Systems Product Security Incident Response Team (psirt cisco com)
Cisco Security Advisory: Cisco ASA Software DHCPv6 Relay Denial of Service Vulnerability
Advisory ID: cisco-sa-20150115-asa-dhcp
Revision 2.0
For Public Release 2015 January 15 17:54 UTC (GMT)

SiteWIX - (edit_photo2.php id) SQL Injection Exploit
2015-10-21 ZoRLu Bugrahan (zorlu milw00rm com)
#!/usr/bin/env python
#-*- coding:utf-8 -*-
#Title : SiteWIX - (edit_photo2.php id) SQL Injection Exploit
#Author : ZoRLu / zorlu (at) milw00rm (dot) com
#Website : milw00rm.com / milw00rm.net / milw00rm.org / milw0rm.info
#Twitter : https://twitter.com/milw00rm or @milw00rm
#Test : Windows7 Ultimate
#Disc

[SE-2014-02] Google App Engine Java security sandbox bypasses (Issue 42)
2015-10-21 Security Explorations (contact security-explorations com)
Hello All, Oracle Critical Patch Update released yesterday incorporates a fix for a Java SE 7 vulnerability (Issue 42) that was discovered while investigating security of Google App Engine. Its technical details and a POC code can be found at the following address: http://www.security-exploration

[SECURITY] [DSA 3376-1] chromium-browser security update
2015-10-21 Michael Gilbert (mgilbert debian org)

[SECURITY] [DSA 3374-1] postgresql-9.4 security update
2015-10-19 Salvatore Bonaccorso (carnil debian org)

[SECURITY] [DSA 3373-1] owncloud security update
2015-10-18 Salvatore Bonaccorso (carnil debian org)

ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
2015-10-16 ERPScan inc (erpscan online gmail com)
ERPSCAN Research Advisory [ERPSCAN-15-017] SAP NetWeaver J2EE DAS service - Unauthorized Access
Application: SAP NetWeaver
Versions Affected: SAP NetWeaver AS JAVA, probably others
Vendor URL: http://SAP.com
Bugs: Unauthorized access
Sent: 20.04.2013
Reported: 21.04.2013
Vendor response: 21.04.201

Events Made Easy WordPress plugin CSRF + Persistent XSS
2015-10-16 David Sopas (davidsopas gmail com)
Plugin link: https://wordpress.org/plugins/events-made-easy/
Active Installs: 10,000+
Version tested: 1.5.49
CVE Reference: Waiting
Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/
Events Made Easy is a full-featured event management solution for

Qualys Security Advisory - LibreSSL (CVE-2015-5333 and CVE-2015-5334)
2015-10-16 Qualys Security Advisory (qsa qualys com)
Qualys Security Advisory
LibreSSL (CVE-2015-5333 and CVE-2015-5334)
Contents
Summary
Memory Leak (CVE-2015-5333)
Buffer Overflow (CVE-2015-5334)
Ackn

[ISecAuditors Security Advisories] URL Open Redirect in Google generic TLD and ccTLD
2015-10-15 ISecAuditors Security Advisories (advisories isecauditors com)
INTERNET SECURITY AUDITORS ALERT 2015-005
- Original release date: October 5, 2015
- Last revised: October 15th, 2015
- Discovered by: Vicente Aguilera Diaz
- Severity: 2/5
I. VULNERABILITY

APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
2015-10-15 Apple Product Security (product-security-noreply lists apple com)
APPLE-SA-2015-10-15-1 Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6
Keynote 6.6, Pages 5.6, Numbers 3.6, and iWork for iOS 2.6 are now available which address the following:
Keynote, Pages, and Numbers
Available for: OS X Yosemite v10

[security bulletin] HPSBOV03503 rev.1 - HP OpenVMS CSWS_JAVA running Tomcat, Multiple Remote Vulnerabilities
2015-10-15 security-alert hp com
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04851013
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04851013
Version: 1
HPSBOV03503 r
https://confluence.atlassian.com/x/Hw7RLg .
CVE ID: CVE-2015-6576
Product: Bamboo.
Affected Bamboo product versions:
* 2.2 <= version < 5.8.5
* 5.9.0 <= version < 5.9.7
Summary:
This advisory discloses a critical severity security vulne